BEYOND AUTHENTICATION
Identity and Access Management for the Modern Enterprise
OUR ORGANISATION AND SPECIALIST SKILLS
Focused on delivery, integration and managed services around Identity and Access Management.
Specialist Consultancy (Principal Consultant, Senior Consultant, Consultant and Junior levels); Project and Programme Management; Analysis (Business and Technical Analysts); Software Development; Test Services; and Creative (including interface design and internal marketing).
We also have a dedicated Software Development organisation. Its portfolio helps our clients achieve their business goals by providing capabilities across: Centralised Audit; Federated Identity Management; Identity and User Lifecycle Management; Identity and Access Governance, including Segregation of Duties Management; Mobile Access and Device Management; Strong Authentication, Web Access Management and Single Sign-On.
UNDERSTANDING THE IAM EVOLUTION
Why do we need to move beyond authentication?
UNDERSTANDING THE IAM EVOLUTION: THE TRADITIONAL IT MODEL
Users: Internal, External, Hybrid (i.e. VPN)
Devices: PCs (desktop/laptop) and email clients
Risks: Internal staff, External users, Malware
Entitlements: Static and set up in advance; internal users access internal apps, external users access external apps
Identities: HR-driven enrolment with fixed entitlements; self- or pre-registered external users with a simple entitlement model
UNDERSTANDING THE IAM EVOLUTION: TRADITIONAL IDENTITY AND ACCESS MANAGEMENT
Web Access Management: Centralised proxy or a collection of deployed agents
SSO: Cookies, HTML form completion, headers, Kerberos
Controls: Passwords, hardware tokens, SMS OTP
Compliance: Analysis, review and approval of entitlements held within every internal user data repository; resolution or dispensation of breaches
Data Privacy: Enforcement of secure data channels; privileged user/system account controls; lock-down of client and server OS
UNDERSTANDING THE IAM EVOLUTION: ADAPTING TO FUNDAMENTAL CHANGES
Cloud: Applications are no longer only internal
Devices: End user devices can be mobile; devices are no longer all internally owned
User Expectation: Intuitive access at any time, from anywhere, on anything
Business Expectation: IAM is now a business differentiator; IAM must be able to adapt rapidly
Risk: Context and device are now contributory factors
UNDERSTANDING THE IAM EVOLUTION: NEW IAM REQUIREMENTS
- IAM that spans Federated, Datacentre and mobile services
- Support for incremental change
- Evolving beyond the password
- Mitigating the need for role mining
- Support for B.Y.O.D.
- Support for Bring Your Own Identity
- Risk-appropriate entitlements
- Unification of user experience
UNDERSTANDING THE IAM EVOLUTION: HOW DO WE ADAPT?
Orchestration:
- Unification of UX, IAM and business processes
- Pluggable adaptive IAM workflows
- Unification of multi-vendor infrastructures
Strength:
- Work from a proven security infrastructure
- Make use of new open source technology
- Align with proven industry standards: SAML, OAuth, WS-*, OpenID Connect
Context:
- Understand a service's Business Impact Level (BIL)
- Appreciate the Level of Assurance (LoA) in a user's identity
- Recognise the status of a user's chosen device: Untrusted, Trusted or Compliant
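As an added illustration of the Context column above (this is example code, not Pirean's or IBM's), the following Python policy combines the three factors the slide names, the service's BIL, the session's LoA and the device's status, into an allow / step-up / deny decision. The 1..4 numeric scales, the 1:1 BIL-to-LoA mapping, the device credits and the "one extra factor raises LoA by one level" rule are all assumptions made for the example.

```python
from dataclasses import dataclass

# Illustrative scales, assumed for this example (not Access: One's model):
# service BIL 1..4, session LoA 1..4, device status untrusted/trusted/compliant.
MAX_LOA = 4
# A compliant (managed, policy-checked) device earns one extra assurance level;
# a merely trusted (registered) device earns none but may reach high-BIL services.
DEVICE_CREDIT = {"untrusted": 0, "trusted": 0, "compliant": 1}
HIGH_BIL = 3  # services at or above this level are never served to untrusted devices


@dataclass(frozen=True)
class AccessContext:
    service_bil: int      # Business Impact Level of the requested service
    user_loa: int         # Level of Assurance of the user's current session
    device_status: str    # "untrusted", "trusted" or "compliant"


def required_loa(service_bil: int) -> int:
    """Assumed policy: a BIL-n service needs an LoA-n identity (clamped to 1..MAX_LOA)."""
    return max(1, min(MAX_LOA, service_bil))


def normalise_device(status: str) -> str:
    """Unknown or malformed device states default to untrusted (fail closed)."""
    status = (status or "").strip().lower()
    return status if status in DEVICE_CREDIT else "untrusted"


def effective_loa(ctx: AccessContext) -> int:
    """Session assurance plus any device credit, capped at MAX_LOA."""
    credit = DEVICE_CREDIT[normalise_device(ctx.device_status)]
    return min(MAX_LOA, max(1, ctx.user_loa) + credit)


def decide(ctx: AccessContext) -> str:
    """Return "allow", "step-up" (prompt for one stronger factor) or "deny"."""
    device = normalise_device(ctx.device_status)
    if device == "untrusted" and ctx.service_bil >= HIGH_BIL:
        return "deny"
    gap = required_loa(ctx.service_bil) - effective_loa(ctx)
    if gap <= 0:
        return "allow"
    # Assumption: one additional authentication factor raises LoA by exactly one level,
    # so a step-up prompt can only close a gap of one; larger gaps are refused outright.
    return "step-up" if gap == 1 else "deny"


if __name__ == "__main__":
    for ctx in (AccessContext(2, 2, "trusted"), AccessContext(3, 2, "compliant"),
                AccessContext(3, 2, "untrusted"), AccessContext(2, 1, "trusted"),
                AccessContext(4, 1, "compliant"), AccessContext(1, 1, "kiosk")):
        print(ctx, "->", decide(ctx))
```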
IDENTITY IS CENTRAL TO ENABLING ACCESS EVERYWHERE
IBM is helping clients tackle insider threat and adopt social, mobile and cloud use cases today with flexible, layered security solutions: IAM & Federation; Web Application Scanning; Virtualisation Security; Network Security; Image & Patch Management; Database Monitoring; IBM Security Intelligence.
IBM NEXT GENERATION IDENTITY AND ACCESS MANAGEMENT STRATEGY
- Standardised IAM and Compliance Management
- Secure Cloud, Mobile, Social Interaction
- Insider Threat and IAM Governance
IDENTITY MANAGER 6.0 AND PRIVILEGED IDENTITY MANAGER
IBM Security Identity Manager 6.0:
- Integrated role and identity management
- Adapters for provisioning to cloud services
- Rich adapters with health check, self-monitoring
- Simplified Web services API for self-service UI
IBM Security Privileged Identity Manager:
- Control shared access and lifecycle
- Automate check-in/check-out with fine-grained audit
- Integrated with Enterprise SSO
IBM SECURITY ACCESS MANAGER 7.0
IBM Security Access Manager for Web (Web Access & Application Protection; software, virtual or hardware appliance):
- User access + integrated web content protection
- New hardware appliance (Access Manager Proxy)
- Highly scalable web access management
- Lower TCO and easy to deploy
- 3rd-party integration
IBM Security Access Manager for Cloud & Mobile (Federated, Risk-based Access):
- OAuth authorisation service and enforcement points
- Built-in risk-based access control
- Wizard-driven integration with Google, SalesForce
INTRODUCING PIREAN SOFTWARE
Our focus is to build a portfolio of solutions which address the challenges of Identity, Access and Mobile management. Our software portfolio helps accelerate IBM deployments and enables clients to achieve their business goals with:
Access: One: User Experience, Self-Service, Mobile Authentication, Mobile Device Management, Single Sign-On, Strong Authentication, and Federated Identity.
Risk Manager: Service Desk Integration, Rule Based Compliance and Risk, Dynamic Reporting and Dashboarding, Entitlements Enrichment, Compliance and Audit.
INTRODUCING ACCESS: ONE: PIREAN ACCESS: ONE CAPABILITIES
- Provides an IAM workflow framework
- Supports incremental/rapid change
- Context-driven IAM
- WebTop and corporate AppStore
- Multiple parallel UI themes
- Modelling of LoA, BIL and risk score
- Dashboarding of IAM metrics
INTRODUCING ACCESS: ONE: SAMPLE USE CASES
The screenshots below illustrate some common use cases of how customers have leveraged Access: One to strengthen security and enrich the user experience during user registration and authentication.
INTRODUCING ACCESS: ONE: SAMPLE LOOK AND FEEL
The screenshots below illustrate production instances of Access: One protecting customer systems.
WALKTHROUGH OF REAL LIFE SCENARIOS: BEYOND AUTHENTICATION REAL LIFE SCENARIOS

|                         | Internal Employees                                          | External Customers                          | Web Services                                |
|-------------------------|-------------------------------------------------------------|---------------------------------------------|---------------------------------------------|
| Audience                | 1K to 100K users                                            | 100K to 100M users                          | 10s/100s of services                        |
| Compliance Requirements | Strong, with regular review                                 | Low                                         | Strong, with regular review                 |
| Entitlements            | Complex, changeable, privileged access                      | Simple and static                           | Simple and static                           |
| Access Mgmt.            | Multi-factor, risk/context driven, dynamic authorisation    | Strong and easy to use; supports BYOI       | Password or token (WS-*, SAML, Kerberos)    |
| Identity Mgmt.          | Centralised, complex and approval-driven process            | User driven via self-service capabilities   | Typically set up locally                    |
| UX                      | Ease of use with low service desk dependency                | Rich UX with cross-device support           | None                                        |
ACCESS: ONE AND IBM PROVIDING CENTRALISED ACCESS FOR CLOUD AND CORPORATE RESOURCES
[Architecture diagram, not reproduced] Access: One Orchestration sits at the centre, fronted by Access: One Themes and Presentation Services. Federated applications log in through SAML, WS-Federation, etc. via IBM Security Federated Identity Manager; internal applications get 1- and 2-factor login through the IBM Security Access Manager reverse proxy; web services and external applications are also shown. IBM Security Identity Manager handles access requests and provisioning, and an Access: One Provisioning Plug-In connects to internal directories and applications.
WALKTHROUGH OF REAL LIFE SCENARIOS: BEYOND AUTHENTICATION, INTERNAL EMPLOYEE WEB ACCESS SCENARIO
[Architecture diagram, not reproduced] Components shown: Web Access Management; Enterprise Service Bus; Security Directory (LDAP) + Other User Data Sources.
WALKTHROUGH OF REAL LIFE SCENARIOS: BEYOND AUTHENTICATION, EXTERNAL CUSTOMERS WEB ACCESS
[Architecture diagram, not reproduced] Channels: Customer via Mobile Application, Customer via Browser, Customer via Phone. Components shown: Web Access Management; Web Applications; Web Federation Endpoint; Authentication and Registration Presentation; IVR System; Security Token Mediation; Enterprise Service Bus; Policy Enforcement; Secure Token Service; Authentication and Registration Services; Authorisation Service; Security Directory (LDAP) + Other User Data Sources.
SUMMARY: CONCLUSIONS
An(other) evolution in the IT landscape has begun. We need to:
- Support on-going incremental change
- Embrace the new opportunities in Cloud, Mobile and Data
- Build with the strongest security infrastructure and the most innovative tools
IBM Security Portfolio + Pirean Software = Beyond Authentication
NEXT STEPS: WANT TO KNOW MORE?
- Live Access: One demonstrations are available at the IBM stand on the exhibition show floor (H80)
- A webinar on Orchestrated IAM will be held in May; please indicate your interest in attending on the feedback form
- An IBM and Pirean co-hosted IAM Proof-of-Technology session will be held in May; please indicate your interest in attending on the feedback form